Appln. No. 10/661,384 

Amdt. dated October 30, 2007 

Reply to Office Action of May 18, 2007 



PATENT 



REMARKS/ARGUMENTS 

The objections raised by the Examiner to the Specification and claims have been 
addressed by amendments which are self explanatory. 

Rejections over art are summarized as follows: 

Claims 1, 10-16, 24, 40, 49-52, and 60 stand rejected under 35 U.S.C. 102(b) as 
being anticipated by Shipley, U.S. Pat. No. 6,1 19,236. 

Claims 33-39 stand rejected under 35 U.S.C. 102(b) as being anticipated by 
Ramacher, U.S. Pat. No. 5,253,330. 

Claims 2 and 41 stand rejected under 35 U.S.C. 103(a) over Shipley in view of 
Welfeld U.S. Pat. No. 6,167,047. 

Claims 3-9, 17, 25-26, 42-48, 53, 61 and 62 stand rejected under 35 U.S.C. 103(a) 
over Shipley in view of Ades, U.S. Patent Publication No. 20020042274. 

Claims 18, 19, 22., .23 27-32 stand rejected under 35 U.S.C. 103(a) over 
Shipley in view of Ramacher. 

Claims 54, 55, 58.and 59 stand rejected under 35 U.S.C. 103(a) over Shipley in 
view of Ades, further in view of Ranaacher. 

Claims 20 and 21, stand rejected under 35 U.S.C. 103(a) over Shipley in view of 
Ramacher, further in view of Hubey et al., U.S. Pat. Publ. No. 20030065632. 

Claims 56 and 57 ^tand rejected under 35 U.S.C. 103(a) over Shipley in view of 
Ades, further in view of Ramacher, further in view of Hubey et al. 

Shipley, cited as a primary reference, and Ramacher has been cited as primary 
reference against claims 33-39. , 

Shipley discloses software-based intelligent network security nonspecific to any 
dedeicated hardware components. Ramacher is directed to network architecture for emulation of 
an artificial neural network. Beyond a, few words that might have emerged from a keyword 
search, they have little in common with the present invention and indeed do not even remotely 
suggest the elements of the invention herein claimed. 



Page 12 of 15 



Appln. No. 10/661,384 PATENT 

Amdt. dated October 30, 2007 

Reply to Office Action of May 18, 2007 

By this amendment/ claims 33-39 have been canceled without prejudice in order 
to expedite prosecution. Independent claims 1 and 40 have been amended to clarify the 
invention. Dependent claims 3, 9, 26, 27 and 61 have also been amended. Claims 1-32 and 40- 
62 are now pending after amendment. As will be shown hereafter, the claimed invention is 
patentably distinguishable over the art of record. 

The present invention is directed to statistical classification of data in a network 
effected by inspection of the content through hardware elements operating at wire speed. 

Referring to Claim 1, Shipley, Col. 3, lines 45-54 was cited as discloses a data 
classifier configured to statistically classify data. Nowhere in that segment is statistical 
classification mentioned or even implied. The citation merely refers to examination of packets 
(without reference to which parts), to attempt to recognize patterns. 

Shipley, Col. 5, line,s 24-32 was cited as disclosing a network interface configured 
to receive data-carrying packets. However, Shipley merely teaches a component positioned to 
monitor Ethernet packets traveling bi-directionally through a firewall of a LAN. It is non- 
specific as to whether it actually receives data-carrying packets. 

Shipley, Col. 5,line 58 to col. 6, line 2, and Fig. 2, elements 34 and 36 were cited 
as disclosing a feature extraction hardware block . . . configured to extract at least one feature 
from the received data. However, Shipley merely teaches a software element having the 
operation of look-for-known-code and look-for-known-data, fimctions that purportedly involve 
examination and analysis in "essentially real time." No mention whatever is made of feature 
extraction or of the relevance of a hardware component to effect wire-speed feature extraction. 
More specifically, no mention is made whatsoever of classification of data into data classes. 
Therefore, to emphasize this differencp, claim 1 has been amended to recite that this hardware 
component is configured to extract a plurality of (differing) features. 

Shipley, Col. 7, lines 1-50 was cited as disclosing a statistical classifier ... to 
statistically classify the data in accordance with at least one extracted feature. Instead, Shipley 
teaches a software fiinction of its inventive method to the "assign weight to breach" operation, 
which is a technique for assigning a weight to rate the sophistication of a security breach 
attempt.. This anecdotal examples suggest nothing of categorization or classification beyond a 
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one-dimensional threat level. There is, no mention whatsoever of a statistics-based function. The 
Applicants submit that this fails to anticipate, teach or suggest the classification among features. 
To make these distinctions clear, Claim 1 has been amended to emphasize multiple feature 
extraction. 

Shipley, Col. 7, lines 51-56 was cited as disclosing a pohcy engine coupled to the 
feature extraction [sic] and configured to statistically classify the data. However, Shipley makes 
no mention of a policy engine operative to define rules for data classes based on either feature 
extraction or statistical classification. To make these distinctions clear. Claim 1 has been 
amended to emphasize multiple-rule-defining fimctionality. 

Thus, at least five significant differences with Shipley are now clearly articulated. 
It is therefore respectfully submitted that Claim 1 and all claims dependent thereon clearly define 
patentable subj ect matter. , _ . . . , - 

As to claim 10, Shjple^, Col. 8, lines 30-41 was cited as anticipating 
programmability of the feature exti-actor. In fact, Shipley discloses programming a branching 
function of a decision maker without any reference to feature extraction. This feature of Claim 
10 is not anticipated. 

As to claim 11, Shipley, Col. 4, lines 30-56 and Col. 7, lines 24-27 were cited as 
disclosing programmability of a statistical classifier. However, Shipley merely discloses 
machine readable storage devices containing code with standard computer hardware to execute 
code. There is no mention of a statistical classifier or its functionality. This feature of Claim 1 1 
is not anticipated. 

In view of the foregoing, the Applicants contend that the Shipley reference is not 
an anticipating reference, nor does it render any claim obvious over the state of the art. 

Reference is now made to method claims 40-62. The Applicants reiterate the 
contentions previously made. The, foregoing exercise need not be continued since the 
inapplicability of the Shipley reference has herein above been shown to be inapplicable. 
However, in order to further distinguish the Shipley reference and emphasize inventive features, 
minor clarifying amendments have been made to claim 40. Claims 40-62 are therefore likewise 
allowable. 
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CONCLUSION 



In view of the foregoing, Applicants believe all claims now pending in this 



Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfully requested. 



If the Examiner believes a telephone conference would expedite prosecution of 



this application, please telephone the undersigned at (650) 326-2400. 



TOWNSEND and TOWNSEND .and CREW LLP 

Two Embarcadero Center, Eighth Floor 

San Francisco, California 941 1 1-3834 

Tel: (650) 326-2400 

Fax: (650) 326-2422 

KRA:deh 




Respectfully submitted, 



Kenneth R. Allen 
Reg. No. 27,301 
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